Jdbc 6


Transcript of Jdbc 6

Page 1: Jdbc 6

Cryptography in Java

[email protected]

Page 2: Jdbc 6

Cryptography

to maintain and protect the confidentiality of the information when it is transmitted on a communication medium

is the mechanism of encoding information in a secret coded form.

keep communications limited and private to only the sender and receiver

enhances the security, authenticity and integrity of the information passed across the communication medium

Page 3: Jdbc 6

Cryptography Schemes

The process of cryptography is achieved with the help of an encryption algorithm and an encryption key.

The encryption algorithm is a mathematical procedure to encrypt or decrypt the data.

The encryption key is the input that the encryption algorithm takes.

Page 4: Jdbc 6

Cryptography Algorithm Types

Secret Key Cryptography (Symmetric)

Two entities share the same secret key.

Public Key Cryptography (Asymmetric)

Operates under two different keys.

One is used for encoding, the second for decoding.

Hash Functions (One-way cryptography, Message digests)

Encrypt the information into irreversible codes.

Page 5: Jdbc 6

Need for cryptography

In order to develop a secure database application, cryptography is needed to identify all the possible threats to the application and provide measures to prevent them.

The threats:

Violation of Privacy/confidentiality

Data can be read by an unintended receiver.

Tampering

modifying or deleting a resource without proper access privilege

Spoofing

impersonating the identity of a different user and using it in an unauthorized way

Page 6: Jdbc 6

Purpose of Cryptography

Authentication

prevents spoofing by applying the digital signature

Privacy/confidentiality

prevents an unintended receiver from reading the data

Integrity

verifies whether the data received by the receiver is the same data as sent by the sender

Non-repudiation

ensures that a user or a business organization or program entity has performed a transaction

Page 7: Jdbc 6

Java Cryptography Architecture (JCA)

JCA is a framework written in Java to access and develop cryptographic functionality, and forms part of the Java security API

Java Cryptography Extension (JCE) extends the underlying architecture of JCA to implement encryption, key exchange

JCA and JCE together provide a complete, platform-independent API.

Page 8: Jdbc 6

Design Principles of JCA

JCA was designed to access cryptography and security concepts.

Implementation independence and interoperability.

Algorithm independence and extensibility

Page 9: Jdbc 6

Components of JCA

Cryptographic Service Providers

is a package or a set of packages defined by the JCA to implement one or more cryptographic services.

Key Management

manages the library of keys and certificates, which is held in a database called a keystore.

KeyStore class in the java.security package

Page 10: Jdbc 6

Cryptographic Service

The Service provider classes are also known as Engine classes.

Page 11: Jdbc 6

Classes and Interfaces of JCA

Page 12: Jdbc 6

Core Engine Classes of JCA

Page 13: Jdbc 6

Java Cryptography Extension (JCE)

JCA is a set of packages that forms a framework and provides implementations for encryption, key generation and agreement, and Message Authentication Code (MAC) algorithms.

Additional cryptographic libraries can be plugged in.

Page 14: Jdbc 6

Java Cryptography Extension APIs

Symmetric block encryption

Symmetric stream encryption

Password-based encryption

Key Agreement

Message Authentication Codes

Page 15: Jdbc 6

Packages in JCE

Page 16: Jdbc 6

Cipher

is the object capable of performing encryption and decryption as per an encryption algorithm.

is one of the core classes of JCE

javax.crypto

Page 17: Jdbc 6

Methods of Cipher

getInstance()

init()

update()

doFinal()

getBlockSize()

getAlgorithm()

getProvider()

Page 18: Jdbc 6

Password Based encryption (PBE)

generates a secret encryption key based on a password provided by the end user.

is one of the core classes of JCE

javax.crypto

Page 19: Jdbc 6

Password Based encryption (PBE)

mixes a random number, called the salt, in with the password

prevents dictionary attacks or pre-computation attacks

Page 20: Jdbc 6

PBEParameterSpec Class

Page 21: Jdbc 6

SecretKeyFactory Class

Page 22: Jdbc 6

Encrypting Data using Passwords

Take the string and create an instance of PBEKeySpec

Use a SecretKeyFactory to produce a SecretKey instance

Generate a random salt

Select an iteration count and create a PBEParameterSpec

Create a Cipher from the SecretKey and PBEParameterSpec

Encrypt the data with the Cipher and write output of the Cipher
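
The six steps above as one runnable program; this is an added example, not code from the original slides. The algorithm name PBEWithHmacSHA256AndAES_128 (SunJCE, Java 8 and later), the iteration count, the random IV that this cipher requires in addition to the salt, and the salt-IV-ciphertext output layout are assumptions of the example.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PbeExample {
    // Assumed for this example; not values from the slides.
    static final String ALG = "PBEWithHmacSHA256AndAES_128";
    static final int ITERATIONS = 100_000, SALT_LEN = 16, IV_LEN = 16;

    static Cipher cipher(int mode, char[] password, byte[] salt, byte[] iv) throws Exception {
        PBEKeySpec keySpec = new PBEKeySpec(password);                                 // step 1
        try {
            SecretKey key = SecretKeyFactory.getInstance(ALG).generateSecret(keySpec); // step 2
            PBEParameterSpec spec = new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)); // step 4
            Cipher c = Cipher.getInstance(ALG);                                        // step 5
            c.init(mode, key, spec);
            return c;
        } finally {
            keySpec.clearPassword(); // wipe the spec's copy of the password
        }
    }

    static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);                                                           // step 3
        rng.nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, password, salt, iv).doFinal(plaintext); // step 6
        // Output layout: salt || iv || ciphertext. Salt and IV are not secret.
        byte[] out = Arrays.copyOf(salt, SALT_LEN + IV_LEN + ct.length);
        System.arraycopy(iv, 0, out, SALT_LEN, IV_LEN);
        System.arraycopy(ct, 0, out, SALT_LEN + IV_LEN, ct.length);
        return out;
    }

    static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        return cipher(Cipher.DECRYPT_MODE, password, salt, iv).doFinal(blob, SALT_LEN + IV_LEN, blob.length - SALT_LEN - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed sample passphrase".toCharArray();
        byte[] blob = encrypt(pw, "constructed sample record".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(pw, blob), StandardCharsets.UTF_8));
    }
}
```

This cipher runs AES in CBC mode, which gives confidentiality only; it does not detect tampering with the stored bytes.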

Page 23: Jdbc 6

Encrypting Data using Passwords

Page 24: Jdbc 6

Encrypting Data using Passwords